Yulia Smolina, Head of the Competence Center for Information Security Consulting at Softline Group of Companies, believes that the draft law primarily specifies the existing requirements that were previously left to the discretion of operators: "For example, this concerns the depersonalization and destruction of personal data. Now operators will need to follow clearly defined procedures and standards. The concept of 'additional purpose of personal data processing' is also introduced. This innovation creates opportunities for the use of personal information, but at the same time requires companies to update their personal data processing policies. They will have to review consent and notification forms, and submit the relevant changes to Roskomnadzor. All this will require additional resources and time to adapt to the new requirements."
at New Cloud Technologies LLC (MyOffice), believes that the amendments made to the bill provide for significant changes in terms of control and supervision over the implementation of organizational and technical measures to protect personal data in government information systems and other similar systems used by government agencies of the Russian Federation, with the importance and content of the data processed in information systems, including those used in personal data that are not related to government information systems, being taken into account separately: "Such powers are granted, for example, to the federal executive body responsible for ensuring the security and protection of information, as well as countering technical intelligence. However, it acts without the right of access to personal data processed in personal data information systems.
In other words, operators who will be under control and supervision, especially if they are not government agencies and use information systems to process personal data, will have to strictly comply with the requirements of legislation, guidelines and methodological documents on the protection of personal data, as well as acquire and use certified information security tools, when necessary. This will require a significant increase in the costs of organizations for hiring and paying the necessary specialists, as well as for the acquisition and operation of all necessary information security tools."
Sergey Nazarenko draws attention to two circumstances: "Firstly, the addition (Article 9, Part 9) clearly allows the processing of information in the interests of state bodies for a wide range of tasks (Article 6, Part 1). Secondly, the emergence of additional requirements for the depersonalization of personal data may suspend or make impossible the operation of a large number of services for improving user experience, the operation of which is based on the analysis of user behavior and preferences."
The head of the relevant State Duma committee, Aleksandr Khinshtein, motivated the emergence of this norm in an interview with the National Banking Journal as follows: "This (GIS, accumulating personal data) should be exclusively a reading room without a subscription for handing out. It is fundamentally important: big data is anonymized data, but from the point of view of current legislation, even after anonymization they still remain personal, and with certain approaches and technologies these data can be further enriched and, as a result, 'the mincemeat can be turned back'. Which is something we absolutely do not want."
Dmitry Kostin, an information security expert